MyHeritage DNA testing service says breach affected 92M users' data

"There has been no evidence that the data in the file was ever used by the perpetrators", said Omer Deutsch, the company's chief information security officer in a blog post, adding that the company has not seen any indication that the accounts had been compromised.

The security breach, discovered by a researcher, includes all the email addresses of MyHeritage users who signed up through October 26, 2017.

The genetic analysis and family tree website MyHeritage was breached past year by unknown actors, who exfiltrated the emails and hashed passwords of all 92 million registered users of the site.

In a statement on its website, MyHeritage said it became aware of the incident on Monday, the same day of the announcement. A hacker able to decrypt the hashed passwords exposed in the breach could access personal information accessible when logging into someone's account, such as the identity of family members.

The security researcher, whom MyHeritage didn't name, reported that the server didn't contain any other data related to the company.

The MyHeritage incident marks the biggest data breach of the year, and the biggest leak since last year's Equifax hack.

A security researcher contacted the company after discovering a file named "myheritage" on a private server, MyHeritage said.

MyHeritage recommends users change their passwords and said they should take advantage of a two-factor authentication feature the company plans to release soon. Credit card information isn't stored on MyHeritage, it said, but is instead stored on "trusted third-party billing providers" like BlueSnap and PayPal. "We have no reason to believe those systems have been compromised", the company said. After Deutsch was alerted, the company said its security team analyzed the file sent from the researcher and confirmed that its contents were legitimate and that the data originated from MyHeritage. Current health privacy laws outdate platforms like 23andMe and Ancestry.com, and therefore don't adequately protect genetic privacy.

A full report will likely take a while; the company is planning to hire an external security firm to look into the breach, and is working on notifying relevant authorities under USA laws and GDPR, among others.

Popular news

Olesen edges home favorite Molinari to win Italian Open
Olesen had only managed one top-10 finish all season but after securing his fifth European Tour title he said: "Its unbelievable". Olesen drove into trees and had to lay up with his third to 20 feet, while Slattery found the front of the green in two.

Fashion Designer Kate Spade Dead at 55
If you or someone you know exhibits any of these signs, call the suicide prevention lifeline at 1-800-SUICIDE (1-800-784-2433). Designer Kate Spade was found dead in her Manhattan apartment on Tuesday following an apparent suicide , sources tell CBS2.

Woman's obituary takes a plot twist for the ages
It seems that Dehmalow abandoned her children when she moved to California after becoming pregnant by her husband's brother. According to her obituary in the Redwood Falls Gazette , she was not a very good person.

‘I Have The Absolute Right To Pardon Myself’
Yes, he is the President and, yes, as his attorneys argue, he has important work to do-but as the Supreme Court observed in US v. Doing so, Giuliani said, would "lead to probably an immediate impeachment", adding that he "has no need to do that".